Article 1002 at 08/11/26 11:01:38 From: akisada@tahi.org Subject: [users:01002] Re: [ipsec] report :"not supported at [ipv6readaesx1to2] "on freebsd 7.0

Index: [Article Count Order] [Thread]
Date: Wed, 26 Nov 2008 10:59:28 +0900
From: Yukiyo Akisada <akisada@tahi.org>
Subject: [users:01002] Re: [ipsec]  report :"not supported at [ipv6readaesx1to2] "on freebsd 7.0
To: wang_jiabo <jiabwang@redhat.com>
Cc: users@tahi.org
Message-Id: <20081126105928.0b82c041.akisada@tahi.org>
In-Reply-To: <492A5EFD.3050103@redhat.com>
References: <492A5EFD.3050103@redhat.com>
X-Mail-Count: 01002

Wang,

I have a doubt about your test on RedHat OS.

> *add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 
> 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
> "ipv6readylogo3descbc1to2" -A hmac-sha1 "ipv6readaesx1to2";
> *it is ok. no failed message.
> it is ok on RedHat OS.

HMAC-SHA1-96 requires 160 bits key length, right?
"ipv6readaesx1to2" has only 128 bits.

Why did it work?

Thanks,


On Mon, 24 Nov 2008 15:59:57 +0800
wang_jiabo <jiabwang@redhat.com> wrote:

> Hello, all:
>     I am testing ipsec interoperability cases.
> when I configure following ipsec.conf file  on FreeBSD 7.0:
> 
> *add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 
> 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
> "ipv6readylogo3descbc1to2" -A aes-xcbc-mac "ipv6readaesx1to2"; *
> 
> then run: * setkey -f /etc/ipsec.conf*
> system report :  *line 4 : Not supported at [ipv6readaesx1to2] 
>                            parse failed, line 4.
> *
> 
> if I use :*
> *
> 
> *add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 
> 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
> "ipv6readylogo3descbc1to2" -A hmac-sha1 "ipv6readaesx1to2";
> *it is ok. no failed message.
> it is ok on RedHat OS.
> 
> could you help me find where problem is and how to resolve.  
> Thanks
> Wang JiaBo
> 
> *
> *
> 
> 


-- 
Yukiyo Akisada <akisada@tahi.org>